Upgrade Your Outlook

Anyone who has used Microsoft Outlook Web Access (OWA) knows that it's not a real replacement for the desktop version of Outlook. OWA was created for quickly dipping in and out of e-mail or using the calendar function on the go. As Exchange has matured, Microsoft has made -- and, sadly, unmade -- improvements to OWA.

Now in its sixth incarnation -- seventh, if you class version 5.5 as a separate entity -- Microsoft has offered OWA since way back in 1997, when it was part of Exchange 5.0 and was called Exchange Web Access. In 2000, OWA started to come in two flavors, Premium and Light, with the major functionality changes in later versions restricted to GUI improvements for multiple-browser support.

There are some aspects of OWA that haven't changed. One of the major hang-ups has always been the printing of calendar entries, which is a glorified version of Print Screen. Also -- and more importantly -- the product's security is majorly flawed. For instance, you can be in OWA, navigate to another page, and then hit the back arrow and be back in OWA, still signed in. Another flaw involves attachment caching. Open an attachment in OWA; close it and sign out of OWA, and the file is still in the Temporary Internet Files cache. Double-clicking on the file in the cache folder will cause OWA to try and connect you back into the Exchange environment. However, if you were to copy that file onto the desktop, or to any other location, it would be possible for someone to open it without OWA ever attempting to authenticate against its server.

Messageware OWA Suite from Messageware Inc. addresses some of these issues. I found the people at Messageware to be very friendly, and the Web demo of OWA Suite was captivating. My initial eagerness quickly fell by the wayside later, however. Although the installation (which consists of four server-side applications) seemed to go without hitch, I couldn't get the result I wanted, which was to see either a binocular icon next to an attachment or a print icon in a calendar window. To Messageware's credit, its technical team did work tirelessly to get it functoning, and after letting the Messageware team members into my virtualized systems and sending them log files, they came back and asked if there was any third-party software that would compress the server responses. As this was a completely vanilla install of Windows Server 2008 R2 Standard (demo) and Exchange Server 2010 (again a demo downloaded straight from Microsoft), my answer was no, but I did a bit of digging. Soon, we knew the culprit and were in business.

IIS version 7 (which is the version running in Windows Server 2008 R2) comes with static compression turned on and prevents the Messageware suite from working as intended. That's a great shame, because once the compression is turned off Messageware runs like a dream.

Once we resolved that problem, I had a fully functioning Messageware OWA Suite running. So, what does it give me? Well, there are four server-side components and one client-side component: AttachView, OWA Print, NavGuard, TimeGuard and ActiveSend, each addressing a separate security concern.

AttachViewAttachView controls the opening and saving of documents. Whereas the vanilla OWA leaves the attachment on the PC, AttachView renders the attachment for the user at the server. This server-side rendering reduces the load on the Internet line, which is great if you're on dial-up or a wireless connection. If the PC you're using doesn't have the latest version of Microsoft Office or AutoCad on it with which to open a document, you need not worry. Messageware takes care of all of this behind the scenes. I can already imagine the reduction in support calls from the less-technical mobile workers. And it's not just Microsoft Office that benefits from this; AttachView supports more than 400 different file types.

One nice feature of the suite that I appreciated is that it's quite understated. All you see is the occasional icon. With AttachView, it's a binoculars icon next to the attachment, which when clicked opens a smaller window that shows that AttachView is loading. Once it has loaded, you're able to view, print and check the properties of the document, all with an index running down the left side of the window. Right-clicking on the attachment link also gives a new drop-down menu, offering the ability to open (disabled by default as it caches to the local PC), save or view documents in text or full mode. You can also view a PDF in full mode by clicking on the binoculars icon. Opening the PDF file in text mode renders the file without indexing it as one long document.

Logging into OWA as a user set up in the Bypass list (users who have standard OWA attachment functionality) and viewing the same 6MB PDF document used in this test shows that there's a small trade-off in loading time, but it's only a matter of seconds. Personally, I'd rather wait a few seconds and have the knowledge that my data is safe and that no one can open the Temporary Internet Files and read my documents.

OWA PrintOWA Print adds a number of options to the calendar printing in OWA.

The actual printouts also look very polished. Instead of the default six large boxes (with the sixth split in two for the weekend), the week view in OWA Print presents each day -- starting on Sunday instead of Monday -- in a grid view starting at 7:00 a.m. and running to 7:00 p.m. It also includes the actual name of the day, which I always find helpful. The downside is that it doesn't include the month or year, so if you print off a large number of calendars you might not know which month, or even year, you're looking at.

How many times have you been in the situation where you're in a Web page and suddenly think, "Oh, I just need to check that out?" You head to the address bar, type in a URL, read what you were looking for and then hit the back arrow -- at which point you're faced with your OWA session. In that situation, when you hit the back arrow, NavGuard will prompt you to either log out of OWA or to return to it.

Though this feature is not as advanced in Firefox, it works well in Internet Explorer (tested with version 8). This is due to Firefox development constraints rather than anything to do with NavGuard itself.

TimeGuardTimeGuard ensures that OWA users can't leave sessions open beyond the mandatory time and allows you to set session inactivity timeouts (default of 20 minutes), maximum session time (default of eight hours) and a session timeout warning (four minutes by default). TimeGuard presents the user with a small but noticeable banner at the top of the page. Once the counter hits zero, the user is logged out.

ActiveSendActiveSend is a client-side application that modifies the context menu entry Send To > Mail Recipient. Right-clicking on a file and selecting this path will cause ActiveSend to open up a new OWA e-mail message, attach the file and send it to the chosen recipient. This allows the user to avoid having to log in to a full OWA session. The option can be set to either prompt for the username and password every time you use it, or the password can be encrypted in the registry and stored.

If you use the full-blown version of Outlook on your desktop for non-work use and need OWA for work e-mail, then you can easily switch the default action of the context menu between the two using the client-configuration software.

Stellar ToolOverall, the Messageware OWA Suite is a well-conceived addition for Exchange 2010. For those companies that need to enforce a mandatory remote e-mail security policy -- which should be all of them -- this software fits the bill perfectly. You can't trust users, no matter how much training and how many policies you have in place, to always clear Internet caches or even to log out properly. This software takes care of those worries for you. It doesn't give users a choice. Attachments in e-mails will no longer rest on the client computer for someone else to stumble upon.

There are other added bonuses with this suite. The individual components support RSA SecurID and RSA Single Sign On. You can bypass individuals or groups as needed, so they won't face the same enforced rules regarding attachments, navigation events or session timers. The rules within the individual components are completely configurable; you can add new rules as needed. So, say you have one group for which you want to impose a limit of 2MB per attachment and another group that should be limited to 5MB. With the OWA Suite, this is easy to do.

There were a couple of problems with the suite, but it's important to note that they were not necessarily due to the way the software has been coded.

Every change you make to the configuration for any of the components requires either a 15-minute wait for the settings to refresh or a restart of the World Wide Web Publishing service. However, I can't actually picture a scenario in which an IT pro working with Exchange would regularly need to make ad hoc changes to the configurations. The majority of configurations would be performed at the initial install, with additional configurations performed at a scheduled time where users would not notice that the OWA site is temporarily unavailable. In addition to this, most organizations have a load-balanced or clustered OWA infrastructure, so having one server down for less than a minute would not cause a problem.

One feature I'd like to see would be better Active Directory integration when using the bypass option. Although it's easy to type in a group or user name, it's always nice to be able to browse the AD tree and select multiple users or groups in one move. In an environment with multiple OWA servers, this could be slightly annoying if it were not for the option to export the settings from all of the components. That option makes subsequent set up a simple matter of exporting the settings from one server, installing the component and importing the .ZIP file into the next server.

There's a time trade-off with the AttachView component. As the documents are rendered on the server, the resulting screen takes slightly longer to reach the user, though this is a matter of a few seconds. Also, I was testing within a virtualized environment. Nevertheless, waiting a few seconds with the knowledge that my data is safe is not a problem for me in the least. Security restrictions always have a time cost; Messageware's product keeps that cost to a respectable minimum.

The final issue was the matter of IIS7 compression. I can't help but feel that Messageware should have been aware of this earlier. To its credit, the company did work tirelessly to get this working for me, and if I were a paying customer I'd be very pleased to know that the tech support guys are hardworking. But finding the root cause of the problem more quickly would have been preferable.

On the other hand, pointing the finger solely at Messageware would be hugely unfair. I trawled through numerous pages on search engines looking at "changes in IIS7," trying to find one instance where a document states that compression is turned on by default, and I can't find a single one. If readers can find an article introducing the changes in IIS7 and confirming this, I'd be pleased to know about it. At any rate, Messageware is now very aware of this particular issue, and it should not trip anyone else up in the future.

If you want to set up a security policy for your OWA environment -- and let's face it, you should -- then Messageware OWA Suite is ideal. It offers excellent configurability options and is a fantastic enhancement to your Exchange infrastructure. It also takes the emphasis away from the client computer, offering secure and safe viewing of more than 400 different types of files.

Pricing starts at for the software is $1,287 for a 25-user license consisting of the entire Messageware Outlook Web Access Suite. Individual components of the suite are available for $495. Larger enterprise editions are quoted based on the number of CPUs and mailboxes.